Upstream patch not merged

Veda (BoringVault)'s assessment for RD-F-127 — scored not_applicable on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Not applicable. The Se7en-Seas repo is the same team's prior org. There is no external upstream protocol team publishing security patches that Veda could fail to merge. Any security patch is authored by the same team and appears in the Veda-Labs repo.

Sources #

GitHub
Se7en-Seas boring-vault — original org (same team)Se7en-Seas/boring-vault — same team as Veda-Labs; no external upstream security teamretrieved 2026-05-17

Methodology #

Determine whether the upstream fork source has published a known-vulnerability patch that has not been merged into this fork's deployed code.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol veda factor RD-F-127 score not_applicable collected_at 2026-05-17 12:41:22